adding "-AT PoP" option to "Set-MgGraphOptions"
Adding AT PoP skeleton (#2511)

* adding "-AT PoP" option to "Set-MgGraphOptions"

---------

AT PoP Version 1 Fehintolaobafemi/methodanduri (#2751)

* Making changes to how httpmethod and uri is processed

---------

Fixing and updating the docs
resolving build break
fixing build issues related to docs
resolving PR comments
updating nuget packages
removing unnecessary string assignment
Resolving PR comments
reverting test csproj changes
1 parent 37d1157, commit 43589bf
Showing 19 changed files with 293 additions and 26 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# Microsoft Graph PowerShell SDK: Access Token Proof of Possession (AT PoP) Capability | ||
|
||
## Overview | ||
|
||
This README provides comprehensive details on the Access Token Proof of Possession (AT PoP) functionality introduced in the Microsoft Graph PowerShell SDK. This feature enhances security by binding tokens to specific HTTP methods and URIs, ensuring they are used only for their intended purposes. | ||
|
||
## Table of Contents | ||
|
||
- [Key Features](#key-features) | ||
- [Installation](#installation) | ||
- [Configuration](#configuration) | ||
- [Usage Examples](#usage-examples) | ||
- [References](#references) | ||
|
||
## Key Features | ||
|
||
- **Access Token Proof of Possession (AT PoP)**: This feature binds tokens to specific HTTP methods and URIs, preventing misuse of tokens by ensuring they are used only for the intended HTTP requests. | ||
- **Updated Dependencies**: Compatibility improvements with recent library changes. | ||
- **Enhanced Token Acquisition Options**: Users can now specify the HTTP method and URI during token acquisition to further secure token usage. | ||
|
||
### Token acquisition behaviors | ||
|
||
| Condition | Unbound (default) | Bound (PoP) | | ||
|-----------|-----------|-----------| | ||
| First sign-in | New token, interactive| New token, interactive | | ||
| Existing token, same URI | No new token, silent | No new token, silent | | ||
| Existing token, different URI | No new token, silent | New token, silent | | ||
| Existing expired token, below max token refreshes | New token, silent | New token, silent | | ||
| Existing expired token, exceeded max refreshes | New token, interactive | New token, interactive | | ||
|
||
## Installation | ||
|
||
To install the Microsoft Graph PowerShell SDK with the latest updates, use the following command: | ||
|
||
```powershell | ||
Install-Module -Name Microsoft.Graph -AllowClobber -Force | ||
``` | ||
|
||
Ensure you are using the latest version to access the AT PoP functionality. | ||
|
||
## Configuration | ||
|
||
### Enabling Access Token Proof of Possession | ||
|
||
To enable AT PoP, configure the Microsoft Graph SDK options as follows: | ||
|
||
```powershell | ||
Set-MgGraphOption -EnableATPoP $true | ||
Connect-MgGraph | ||
``` | ||
|
||
This configuration ensures that the acquired token is only valid for the specified HTTP method and URI. | ||
|
||
## Usage Examples | ||
|
||
### Example 1: | ||
|
||
```powershell | ||
Set-MgGraphOption -EnableATPoP $true | ||
Connect-MgGraph | ||
Invoke-MgGraphRequest -Method GET https://graph.microsoft.com/v1.0/me -Debug | ||
``` | ||
|
||
### Example 2: | ||
|
||
```powershell | ||
Set-MgGraphOption -EnableATPoP $true | ||
Connect-MgGraph | ||
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/me/sendMail" -Method POST -Debug | ||
``` | ||
|
||
## References | ||
|
||
This README provides a detailed guide on the new AT PoP functionality, offering users the ability to secure their token usage effectively. If you have any questions or need further assistance, please refer to the official [Microsoft Graph PowerShell SDK documentation](https://docs.microsoft.com/en-us/powershell/microsoftgraph/). |
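Review bot: In the Configuration section, the sentence "This configuration ensures that the acquired token is only valid for the specified HTTP method and URI" follows a block that specifies neither: `Set-MgGraphOption -EnableATPoP $true` and `Connect-MgGraph` take no method or URI. The token-acquisition table implies the binding is decided per request (a different URI yields a new silent token for the bound case), so the text should say where the method and URI come from, presumably the `Invoke-MgGraphRequest` call used in the examples, and whether the option has any effect on other cmdlets. Smaller points: Example 1 passes the URI positionally while Example 2 uses `-Uri`, and neither example has a description; "Ensure you are using the latest version" should name the minimum version that carries `-EnableATPoP`; the "References" section is a closing paragraph with one link rather than references; and the README uses `Set-MgGraphOption -EnableATPoP` while the commit title says `"-AT PoP"` on `Set-MgGraphOptions`.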
21 changes: 21 additions & 0 deletions
src/Authentication/Authentication.Core/Interfaces/IGraphRequestPopContext.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
// ------------------------------------------------------------------------------ | ||
// Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information. | ||
// ------------------------------------------------------------------------------ | ||
|
||
using Azure.Core; | ||
using Azure.Identity; | ||
using System; | ||
using System.Net.Http; | ||
|
||
namespace Microsoft.Graph.PowerShell.Authentication | ||
{ | ||
public interface IGraphRequestPopContext | ||
{ | ||
Uri Uri { get; set; } | ||
HttpMethod HttpMethod { get; set; } | ||
AccessToken AccessToken { get; set; } | ||
PopTokenRequestContext PopTokenContext { get; set; } | ||
Request Request { get; set; } | ||
InteractiveBrowserCredential PopInteractiveBrowserCredential { get; set; } | ||
} | ||
} |
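Review bot: Every property on `IGraphRequestPopContext` has a public setter, including `AccessToken` and `PopInteractiveBrowserCredential`, so any code that holds the interface can replace the token or credential that later requests rely on. Consider get-only properties on the interface with mutation kept on the concrete type, and add XML doc comments stating which members are caller inputs (`Uri`, `HttpMethod`) and which are populated by the authentication flow. Typing the credential as `InteractiveBrowserCredential` also ties the interface to interactive sign-in; if other flows are planned, a more general credential type would avoid a breaking change later.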
12 changes: 7 additions & 5 deletions
src/Authentication/Authentication.Core/Microsoft.Graph.Authentication.Core.csproj